configure <auth-constraint> for access control

Himai Minh
Ranch Hand

Joined: Jul 29, 2012
Posts: 724
From Ivan's notes, p. 246-248: in order to configure access control on the server side, the web.xml should define something like this:
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>user</role-name>
</security-role>

The sun-web.xml should define something like this:
<security-role-mapping>
<role-name>user</role-name>
<group-name>wsit</group-name>
</security-role-mapping>

My question is: what if there are thousands of users who are granted access control? Should we define thousands of <role-name> elements for <auth-constraint>, etc.?
And should we define thousands of <security-role-mapping> elements in sun-web.xml, one for each <role-name> in web.xml?

Frits Walraven
Creator of Enthuware JWS+ V6
Bartender

Joined: Apr 07, 2010
Posts: 1645
    
  25

You might want to read the security part from the EE6-tutorial, especially Working with Realms, Users, Groups, and Roles

Regards,
Frits
Himai Minh
Ranch Hand

Joined: Jul 29, 2012
Posts: 724
After reading the tutorial, it says to define roles in the sun-web.xml, not individual users.
That makes more sense now. "Role" means the role of the individual users. Examples of roles: students, admin, teacher, etc. Each student is in the "students" role.
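
An added example, not part of the thread or of Ivan's notes: a small Python check that cross-references the two descriptors discussed above, reporting roles used in <auth-constraint> that are not declared in <security-role> or not mapped to a group or principal in sun-web.xml. The `check_roles` helper, the sample descriptors, the `/services/*` URL pattern and the `admin` role are assumptions made for illustration; the one `user` to `wsit` mapping stays a single entry however many users belong to the group.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptors; the URL pattern and the "admin" role are assumptions.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection><url-pattern>/services/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>user</role-name><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
  <security-role><role-name>user</role-name></security-role>
</web-app>"""
SUN_WEB_XML = """<sun-web-app><security-role-mapping>
  <role-name>user</role-name>
  <group-name>wsit</group-name>
</security-role-mapping></sun-web-app>"""

def local(tag):
    """Drop an XML namespace prefix: '{ns}role-name' -> 'role-name'."""
    return tag.rsplit("}", 1)[-1]

def kids(root, parent):
    """For each <parent> element, list its direct children as (name, text)."""
    return [[(local(c.tag), (c.text or "").strip()) for c in el]
            for el in root.iter() if local(el.tag) == parent]

def check_roles(web_xml, sun_web_xml):
    """Cross-check roles used, declared and mapped (hypothetical helper)."""
    web, sun = ET.fromstring(web_xml), ET.fromstring(sun_web_xml)
    roles = lambda parent: {t for k in kids(web, parent) for n, t in k if n == "role-name"}
    used, declared = roles("auth-constraint") - {"*"}, roles("security-role")
    mapping = {}  # role name -> groups/principals that carry it
    for k in kids(sun, "security-role-mapping"):
        role = next((t for n, t in k if n == "role-name"), None)
        who = [t for n, t in k if n in ("group-name", "principal-name")]
        if role:
            mapping.setdefault(role, []).extend(who)
    return {
        "undeclared": sorted(used - declared),  # used but no <security-role>
        "unmapped": sorted(r for r in used | declared if not mapping.get(r)),
        "mapping": mapping,
    }

if __name__ == "__main__":
    print(check_roles(WEB_XML, SUN_WEB_XML))
```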